Why You Really, Truly Don’t Want a Private Cloud

I had the pleasure of speaking at two quite different Cloud Computing conferences last week: Opal’s Business of Cloud Computing in Dallas and UBM’s CloudConnect in Bangalore. As the conference names and locations might suggest, the former was the more business-oriented while the latter was chock full of techies. What I didn’t expect, however, was that the business Cloud crowd had a more mature, advanced conception of Cloud than the technical audience. While the techies were still struggling with essential characteristics like elasticity, trying to free themselves from the vendor nonsense that drives such conferences, the business folks generally had a well-developed understanding of what Cloud is really all about, and as a result, focused their discussions on how best to leverage the approach to meet both tactical and strategic business goals.

Perhaps the most interesting contrast between the perspectives of these two audiences was their respective opinions about private Clouds. The techies at the Bangalore conference, having drunk too much of the vendor Kool-Aid, were generally of the opinion that public Clouds were too risky, and that their organizations should thus focus their efforts on the private deployment model. The Dallas business crowd, in contrast, generally held that the public approach was the way to go, with some folks even going so far as to claim that public Cloud was the only true approach to Cloud Computing.

This distinction is remarkable, and aligns with ZapThink’s thinking on this matter as well: the more you focus on the business benefits of Cloud, the more likely you’ll be leaning toward public over private deployment models. Furthermore, this mind shift isn’t all about security risks. We recently debunked the notion that public Clouds are inherently less secure than private ones, and many people at the Dallas conference agreed. But there’s more to this story. Once you work through the issues, you’ll likely come to the same conclusion: there’s generally little or no solid business reason to build a private Cloud.

The Problems with Private Clouds

The best way to understand the limitations of the private deployment model is to take the business perspective. What are the business benefits behind the move to the Cloud, and how can you achieve them?

Cloud will shift capital expense to operational expense – instead of having to invest in hardware and software, you can pay-as-you-go for what you need as an operational expense, and write it off your taxes right away. Except, of course, with private Clouds, where you have to build out the entire data center infrastructure yourself. If anything, private Clouds increase capital expenditures.

Cloud increases server utilization while dealing with spikes in demand – instead of setting up a data center full of servers that run idle most of the time on the off chance you need them to deal with the occasional Slashdot post or Justin Bieber tweet, the Cloud improves utilization while its elasticity deals with those annoying spikes. Except, of course, in private Clouds, unless your organization is so huge that multiple divisions look to your Cloud to handle many different spikes in demand, that you fervently hope arrive at different times. But what if that Kim Kardashian visit to your corporate HQ causes traffic to all your divisions to spike at once? Fugeddaboutit.

Cloud keeps infrastructure costs very low for new projects, since they don’t have much traffic yet – again, works much better in a public Cloud. How many such projects do you expect to have at any one time? If the number isn’t in the hundreds or thousands, then private Cloud is massive overkill for this purpose.

The elasticity benefit of the Cloud gives us the illusion of infinite capacity – infinite capacity is all fine and good, but it’s an illusion. And illusions work fine until, well, until they don’t. Elasticity provides the illusion of infinite capacity as long as there is always sufficient capacity to meet additional demand for Cloud resources. You’ll never consume all the capacity of a public Cloud, but your Private cloud is another matter entirely. It’s only so big. If one of your developers has the bright idea to provision a thousand virtual machine instances or a petabyte of storage for that Big Data project, and your private Cloud doesn’t have the physical capacity to do so, then bye-bye illusion.

We already have a significant investment in our existing data center, so converting it to a private Cloud will save us money while enabling us to obtain the benefits of the Cloud – in your dreams. One essential requirement for building an effective private Cloud is rigorous homogeneity. You want all your physical servers, network equipment, virtualization technology, storage, etc. to be completely identical across every rack. Look at your existing, pre-Cloud data center. Homogeneity isn’t even on your radar.

We don’t want to be in the data center business. That’s why we’re moving to the Cloud – guess what? Building a private Cloud puts you in the data center business!

Whatever cost efficiencies the public Cloud providers can achieve we can also achieve in our private Cloud – this argument doesn’t hold water either. Not only to the leading public Clouds—Amazon, Microsoft Azure, Rackspace, etc.—have enormous economies of scale, but they’re also operating on razor-thin margins. Furthermore, if they can wring more efficiencies out of the model, they’ll lower their prices. They’re taking this “price war” approach to their margins for all the regular business school reasons: to keep smaller players from being competitive, and to push their larger competitors out of the business. It doesn’t matter how big your private Cloud is, it simply cannot compete on price.

OK fine, you get it. Private Clouds suck, fair enough. You’ll even buy our arguments that public Clouds may actually be more secure than private ones. But you’re in a regulated industry or otherwise have stringent regulatory requirements about data protection or data movement that the public Cloud providers can’t adequately address. The only way you can move to the Cloud at all is to build a private Cloud.

Not so fast. While it’s true that regulatory compliance business drivers and limitations are becoming an increasingly important part of the Cloud story, any regulatory drawbacks to using public Clouds are essentially temporary, as the market responds to this demand. A new class of public Cloud provider, what is shaping up to be the “Enterprise Public Cloud Provider” marketplace, is on the rise. The players in this space are putting together offerings that include rigorous auditing, more transparent and stringent service-level agreements, and overall better visibility for corporate customers with regulatory concerns.

The incumbent public Cloud providers aren’t standing still either. For example, while Amazon built their public Cloud (and with it, the entire industry) on a “one size fits all” model aimed initially at developers, startups, and other small to midsize companies, they have been working on building out their enterprise offerings for a while now. While you may not be able to get solutions from the big players that meet your regulatory needs today, you can be sure it won’t take them long to figure out how to compete in even the most regulated industries. In a few years, if you look back on your decision to build a private Cloud on the basis of regulatory compliance, you’ll likely feel quite foolish as your competitors who waited will soon have fully compliant public alternatives, while you’re stuck paying the bills on your private Cloud initiative that will have become an expensive money pit.

The ZapThink Take

So, should any organization build a private Cloud? Perhaps, but only the very largest enterprises, and only when those organizations can figure out how to get most or all of their divisions to share those private Clouds. If your enterprise is large enough to achieve similar economies of scale to the public providers, then—and only then—will a private option be a viable business alternative.

In many such cases, those large enterprise private Clouds essentially become community Clouds, as multiple divisions of an enterprise share a single internal Cloud provider that operates much like a public Cloud, albeit for internal use across the enterprise. This community model makes sense, for example, for many federal governments. They can achieve the cost efficiencies of public Clouds while maintaining the control benefits of private Clouds by supporting the Cloud initiatives across multiple agencies.

Virtual Private Clouds (VPCs) also give many organizations the best of both worlds, as they leverage the public Cloud but run logically on your private network. Many hybrid Clouds follow the VPC approach, as hybrid on premise/Cloud models typically leverage private networks. ZapThink predicts this hybrid VPC model will become the predominant deployment model in the enterprise.

Still not convinced? Well, ask yourself why, and the answer is likely to be a question of control. Many executives will still be uncomfortable about public Clouds, even when we address the security and compliance issues that currently face public Cloud providers, simply because they don’t control the public Cloud. Our answer? Distribution of IT control is essential to the ZapThink 2020 vision, and is at the heart of the Agile Architecture Revolution. The Web doesn’t have centralized control, after all, and it works just fine. The app store model for enterprise IT, the rise of bring your own device (BYOD), and the fundamentally mobility-driven architecture of the Internet of Things are all examples of the broader shift to the notion of decentralized control over IT. Fighting to maintain control is a losing proposition, and as a result, by 2020, private Clouds will be a mostly-forgotten bump on the road to the next big thing.

Discussion

44 comments for “Why You Really, Truly Don’t Want a Private Cloud”

Jason:

Good afternoon.

This is the best article I have read on Cloud Computing Architecture. I like such an approach that deals with practical thinking that is supported by technical and scientific foundation.

The problem that I have with the "techies" is that they talk without understanding the technical and scientific reasons behind what they say.

"Risks" are due to unknown factors -- uncertainty and complexity -- that could affect the choice --building a private cloud -- and the realization of the choice to achieve the goals. Until the Wall Street collapse, we really did not properly understand the term "risks ". In fact, any Operation Research model you examined only dealt with risks associated with financial management. No Operation Research model looked at unknown factors such as geopolitical and economic issues (such as in Greece today), sudden rise in oil price, major tornadoes and hurricanes, etc. that could affect the realization of the choice to achieve the goals.

With respect to a private cloud, major hurricanes or tornadoes could totally wipe out an entire private cloud unless the private cloud is designed as distributed enterprise SoS or many decoupled SoS (to handle uncertainty and complexity), spread across many geographical regions. But then such an ecosystem, to handle uncertainty and complexity, is essentially similar in concept to a public cloud.

Thus, unlike public clouds, private clouds are susceptible to much uncertainty and complexity.

Jason,
A lot of good points in your article so thank you for that. It's important to note however, that inherent in the inevitability of the widespread adoption of an enterprise "hybrid cloud" operating model is the adoption of the private cloud component. Hybrid, by definition, will encompass a unified governance, policy and management capability across "n" service providers from both inside and outside the firewall. This invalidates the notion that "private" cloud will go away-- in fact, it will accelerate, as a necessary part of a hybrid strategy.

In addition, cost savings alone are not the only or primary driver for adopting a cloud model-- private or otherwise. As companies move from basic virtualization programs to hybrid clouds the business value comes from the agility gains directly at the business unit level--i.e. speed-to-market, innovation cycles, and expansion into new product lines and geographies. Large enterprises and governments today generally struggle with long procurement cycles and overly complicated software development life-cycles, rendering the organization almost incapable of competing in fast growing sectors or developing markets. The ability to automate the tool-chain across an application lifecycle, and dramatically compress the time from conception to production, will become the difference between competitive and laggard organizations.

I like your latest ZapFlash discussion about private vs. public cloud and I agree with the points you are making. As a government contractor with over 25 years’ experience working with the federal government, I would like to add a perspective that may contribute to why many people think “private clouds”

In general, the government knows how to procure known and measurable quantities of a product or capability but it has a very difficult time pricing and purchasing something ambiguous and unknown.

The typical government procurement office is well equipped to specifying and pricing a data center, or a capacity, as well as procuring it and overseeing the contract delivery, however, significant creativity and flexibility is needed in order to handle the elasticity that is one of the main objectives and characteristics of a public cloud solution. Government procurement and management processes are not designed that way, and even if you tell the stakeholders that the cost will be significantly less and the overall value to the government greater, they will want to know the cost up front in order to evaluate the multiple bids, as well as to monitor the cost. The government procurement and program environment is currently not designed to handle the ambiguous fluctuation of the cost of a public cloud; therefor the preference will go to the known cost of a private cloud.

There are of course various ways to procure and manage it, however, this requires creative procurement methods not typically employed by the average contracting office. In general, the preference will go for the ‘known vs. the unknown’; so the more expensive, but known and predictable, private cloud, will be preferred over a more efficient, but lesser known, public cloud. This ‘known vs. unknown’ plays the same role in the concern about security and the resulting reluctance to engage in the public cloud over the private cloud.

Simple things that for some reason otherwise-intelligent people seem to constantly forget while preaching cloud:

- legacy system issues include already purchased hardware, systems, licenses, architecture and design, talent, process, etc etc.
--- without following through on the original business models the forecast benefits and RoI will never be realised - which if allowed to happen requires calculation into any Cloud cost / savings projections

- as per Dov, existing processes (across both the private and public sectors) require adjustment

- as per my entire 30 year career in solutions architecture and technology planning
--- *nothing* ever has been, nor is likely to be, a panacea
--- almost everything related to people and change takes longer and delivers less return than was projected

Please see this article which I commented upon and reblogged - and several other similar writings on my blog at http://danielsteeves.wordpress.com/2012/06/03/content-insider-231-clouds-everywhere/

Don't misunderstand me: You are NOT wrong... but in my opinion based on 32 years in the industry, you are not as correct as you think you are and like many others need to stop the generalisations and pontifications and get on with actual delivery .. which requires listening to needs and situations, making observations and determining requirements rather than picking up a paintbrush and a bucket of beige paint.

Kofi, you can't really think that all public clouds are magically dispersed, diverse, backed up and accessible within the required SLA and OLA levels for that business to earn as planned.. for dirt cheap prices?

And that the expensive private cloud doesn't provide any of that luxury and in fact makes that which you have designed..
to meet your needs..
and which is under your control
-- you contend that this is more susceptible to what, now?

Are you aware that cloud is a new term for old stuff... and that public v. private is simply a commercial model for the same stuff running on the same tin over the same pipes - - and often even in the same data centres?

If so you might benefit from this simple little blog I wrote called 'My Gardener is in the Cloud' and all of the other real world pragmatic discussions I have either written or re-blogged at http://danielsteeves.wordpress.com/2012/04/30/my-gardener-is-in-the-cloud/

If you truly believe that only the DoD and Toyota understand uncertainty and complexity then clearly you don't get out much and insult businesses and experts around the world with such arrogance

The infrastructure supplier for your hospital example was hopefully sued out of business: any industrial strength solution put in place by professionals the nature of whom I have directed over the years: two data centres, diverse routing, complex backup programmes, custom designed Disaster recovery solutions with integrated Business Continuity plans. Oh yea: don't forget the rocket science aspect of keeping a copy of your back up OFFSITE!!

In argument I would say that both concepts *are* a function of 30 years experience in the traditional IT stuff - particularly when my traditional stuff included designing and implementing some of the first component and frameworkl architectures on which ANY "aaS” is delivered.

I have no interest in reading proceedings about theoretical approaches to the things that the rest of us do in the real world... but trust me, if I did, I can't imagine that I would require your explanation

I strongly suggest that you venture out into the real world rather than write about it.

[...] Comment Login50%50% Last week, Jason Bloomberg, the president of ZapThink, penned a vicious screed against private clouds. Why buy when you can rent? Why deal with the headache of buying on-premises [...]

- In the Financial Services sector, despite the hard times, they still have enough money to throw at private cloud creation, i.e. the commercial pressures are obviously not so great as to overcome the "no one got sacked for buying X" inertia - yet. These are to some extent vanity projects IMHO.
- The "do it in-house" inertia (aka preserve our data centre jobs) is still massive. Part of this is that organisations are struggling with the degree of change going on, and so not having to think too hard to prove the security etc of public cloud to internal stakeholders is the easiest route to take, despite being usually sub-optimal.

[...] Jason referenced in his April ZapFlash: Why Public Clouds are More Secure than Private Clouds and Why You Really, Truly Don’t Want a Private Cloud. See the ZapFlash entries for an explanation of each of the driving and restraining forces shown [...]